[systemd-devel] How to correctly use memory controls (MemoryLow) on unified hierarchy system?

Benjamin Berg benjamin at sipsolutions.net
Fri May 21 14:07:24 UTC 2021 

Hi,

On Fri, 2021-05-21 at 15:25 +0300, Andrei Borzenkov wrote:
> systemd offers MemoryLow for an individual units. It actually sets
> memory.low cgroup attribute, so this is OK. The problem is according to
> kernel dcouemtation, memory.low is limited by value set in parent
> cgroup and all parent cgroups have memory.low=0:
> 
> /sys/fs/cgroup/user.slice/user-1001.slice/user at 1001.service/gnome-
> shell-wayland.service/memory.low:536870912
> /sys/fs/cgroup/user.slice/user-1001.slice/user at 1001.service/memory.low:
> 0
> /sys/fs/cgroup/user.slice/user-1001.slice/memory.low:0
> /sys/fs/cgroup/user.slice/memory.low:0
> 
> which implies setting on lead cgroup has no effect.
> 
> Is it necessary to explicitly set it on every ancestor? There is no
> clarification in systemd documentation and value is applied without any
> warning.

Yes, you need to set it on all ancestors, and the documentation
mentions this:

"""
For a protection to be effective, it is generally required to
set a corresponding allocation on all ancestors, which is
then distributed between children (with the exception of the
root slice). Any MemoryMin= or MemoryLow= allocation that is
not explicitly distributed to specific children is used to
create a shared protection for all children. As this is a
shared protection, the children will freely compete for the
memory.
"""

Depending on the kernel versions there may be some other caveats:

"""
Units may have their children use a default "memory.min" or
"memory.low" value by specifying DefaultMemoryMin= or
DefaultMemoryLow=, which has the same semantics as MemoryMin=
and MemoryLow=. This setting does not affect "memory.min" or
"memory.low" in the unit itself. Using it to set a default
child allocation is only useful on kernels older than 5.7,
which do not support the "memory_recursiveprot" cgroup2 mount
option.
"""

You need to configure it correctly in various locations. Personally, I
would suggest taking a look at uresourced[1]. It will correctly set a
configurable memory protection, enables some other cgroup features and
tracks the currently active user. Fedora is shipping it by default and
it appears to work well there.

Benjamin

[1] https://gitlab.freedesktop.org/benzea/uresourced and
https://lwn.net/Articles/829567/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20210521/013b2594/attachment.sig>

More information about the systemd-devel mailing list